8000 Bump the cargo group across 1 directory with 7 updates by dependabot[bot] · Pull Request #1 · sumonst21/ffsend · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

Bump the cargo group across 1 directory with 7 updates #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and 8000 privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Bump the cargo group across 1 directory with 7 updates #1

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
@dependabot dependabot bot commented on behalf of github Mar 27, 2025

Bumps the cargo group with 6 updates in the / directory:

Package From To
h2 0.3.20 0.3.26
openssl 0.10.56 0.10.71
rustix 0.38.8 0.38.13
rustls 0.21.6 0.21.12
traitobject 0.1.0 0.1.1
webpki 0.22.0 0.22.4

Updates h2 from 0.3.20 to 0.3.26

Release notes

Sourced from h2's releases.

v0.3.26

What's Changed

  • Limit number of CONTINUATION frames for misbehaving connections.

See https://seanmonstar.com/blog/hyper-http2-continuation-flood/ for more info.

v0.3.25

What's Changed

Full Changelog: hyperium/h2@v0.3.24...v0.3.25

v0.3.24

Fixed

  • Limit error resets for misbehaving connections.

v0.3.23

What's Changed

v0.3.22

What's Changed

  • Add header_table_size(usize) option to client and server builders.
  • Improve throughput when vectored IO is not available.
  • Update indexmap to 2.

New Contributors

< 8000 ul dir="auto">
  • @​tottoto made their first contribution in hyperium/h2#714
  • @​xiaoyawei made their first contribution in hyperium/h2#712
  • @​Protryon made their first contribution in hyperium/h2#719
  • @​4JX made their first contribution in hyperium/h2#638
  • @​vuittont60 made their first contribution in hyperium/h2#724

    • v0.3.21

    What's Changed

    • Fix opening of new streams over peer's max concurrent limit.
    • Fix RecvStream to return data even if it has received a CANCEL stream error.
    • Update MSRV to 1.63.

    New Contributors

    Changelog

    Sourced from h2's changelog.

    0.3.26 (April 3, 2024)

    • Limit number of CONTINUATION frames for misbehaving connections.

    0.3.25 (March 15, 2024)

    • Improve performance decoding many headers.

    0.3.24 (January 17, 2024)

    • Limit error resets for misbehaving connections.

    0.3.23 (January 10, 2024)

    • Backport fix from 0.4.1 for stream capacity assignment.

    0.3.22 (November 15, 2023)

    • Add header_table_size(usize) option to client and server builders.
    • Improve throughput when vectored IO is not available.
    • Update indexmap to 2.

    0.3.21 (August 21, 2023)

    • Fix opening of new streams over peer's max concurrent limit.
    • Fix RecvStream to return data even if it has received a CANCEL stream error.
    • Update MSRV to 1.63.
    Commits

    Updates openssl from 0.10.56 to 0.10.71

    Release notes

    Sourced from openssl's releases.

    openssl-v0.10.71

    What's Changed

    New Contributors

    Full Changelog: sfackler/rust-openssl@openssl-v0.10.70...openssl-v0.10.71

    openssl v0.10.70

    What's Changed

    Full Changelog: sfackler/rust-openssl@openssl-v0.10.69...openssl-v0.10.70

    openssl v0.10.69

    What's Changed

    New Contributors

    Full Changelog: sfackler/rust-openssl@openssl-v0.10.68...openssl-v0.10.69

    openssl-v0.10.68

    What's Changed

    Full Changelog: sfackler/rust-openssl@openssl-v0.10.67...openssl-v0.10.68

    openssl-v0.10.67

    What's Changed

    ... (truncated)

    Commits
    • 1a16077 Merge pull request #2369 from alex/bump-for-release
    • 3312618 Merge pull request #2366 from frncs-rss/license_apache
    • f71fcf2 Release openssl v0.10.71 and openssl-sys v0.9.106
    • 6ca34f8 add full Apache license file
    • c0f1442 Merge pull request #2361 from alex/rc2
    • ae495dc Expose rc2 ciphers on symm::Cipher
    • a4d399b Release openssl v0.10.70
    • c9a33e2 Release openssl-sys v0.9.105
    • f014afb Merge pull request #2360 from sfackler/fix-alpn-lifetimes
    • 8e6e30b Fix lifetimes in ssl::select_next_proto
    • Additional commits viewable in compare view

    Updates rustix from 0.38.8 to 0.38.13

    Commits
    • 2eedbb2 chore: Release rustix version 0.38.13
    • e5ee07b Fix a few typos in cfgs. (#822)
    • 8073ab2 Miscellaneous fixes for the rustc-dep-of-std build. (#820)
    • ba51780 Fix the test_ttyname_ok test when /dev/stdin is inaccessable. (#821)
    • 3fb04ee Work around a Rust 1.69 doc bug. (#819)
    • 1c1af76 Move the ELF bindings to linux-raw-sys. (#817)
    • 38fa9ba chore: Release rustix version 0.38.12
    • ee6eff6 Fix prctl calls in the runtime module to pass 5 arguments. (#816)
    • 7d0f073 Minor comment cleanups. (#815)
    • 3d03ab2 Fix bug in pr_get_auxv (#814)
    • Additional commits viewable in compare view

    Updates rustls from 0.21.6 to 0.21.12

    Commits
    • 3633152 Cargo: v0.21.11 -> v0.21.12
    • 0baaeba proj: MSRV 1.61 -> 1.63
    • 6fd691a tls13: fix clippy::unnecessary_lazy_evaluations finding
    • 6da5337 Test for illegal IP address in server name extension
    • 75f8857 Ignore server_name extension containing IP address
    • 7b8d1db Prepare 0.21.11
    • ebcb478 complete_io: bail out if progress is impossible
    • 20f35df Regression test for complete_io infinite loop bug
    • 2f2aae1 Don't specially handle unauthenticated close_notify alerts
    • e163587 Don't deny warnings from nightly clippy
    • Additional commits viewable in compare view

    Updates rustls-webpki from 0.101.3 to 0.101.7

    Release notes

    Sourced from rustls-webpki's releases.

    0.101.7

    • Upgrades *ring* to 0.17, and untrusted to 0.9. Note: since untrusted appears in the Error API this may be a breaking change for applications using two untrusted versions.

    What's Changed

    Full Changelog: rustls/webpki@v/0.101.6...v/0.101.7

    0.101.6

    • The CertificateRevocationList trait's verify_signature Budget argument was removed. This was a semver incompatible change mistakenly introduced in v0.101.5.

    What's Changed

    Full Changelog: rustls/webpki@v/0.101.5...v/0.101.6

    0.101.5

    • Path building complexity is now limited to a maximum budget of path finding operations, avoiding exponential processing time when encountering certificate chains containing many certificates with the same subject/issuer distinguished name but different subject public key information.
    • Name constraints evaluation is now limited to a maximum number of comparison operations, avoiding exponential processing time when encountering certificate chains containing many name constraints and subject alternate names.
    • Subject common names are no longer parsed for name iteration, or applying name constraints. Webpki only uses Subject Alternate Names when validating certificates, and the common name handling was buggy, producing Error::BadDer when iterating certificates with printable string subject common names, or omitted common names encoded as an empty sequence.

    What's Changed

    The following PRs were backported to the rel-0.101 branch in #170:

    • Further limits on expensive path building (#163)
    • Budget tweaks (#164)
    • Bound name constraint comparisons (#165)
    • Remove subject common name parsing (#169, thanks to @​hawkw)
    • Correct handling of fatal errors (#168)

    Thanks to all who have contributed, on behalf of the rustls team (@​ctz, @​cpu and @​djc)!

    0.101.4

    Release notes

    • certificate path building and verification is now capped at 100 signature validation operations to avoid the risk of CPU usage denial-of-service attack when validating crafted certificate chains producing quadratic runtime. This risk affected both clients, as well as servers that verified client certificates.

    What's Changed

    Full Changelog: rustls/webpki@v/0.101.3...v/0.101.4

    Commits
    • ee5aab1 Cargo: v0.101.6 -> v0.101.7
    • 4f721a9 Upgrade to rcgen 0.11.3
    • 3be3625 Bump MSRV to 1.61
    • bb7c7f4 Upgrade to ring 0.17, untrusted 0.9
    • 2eeb292 Simplify tests for DER errors
    • 7956538 Cargo: v0.101.5 -> v0.101.6
    • 7f8208e crl: rm Budget from verify_signature fn
    • 7cb6c64 Cargo: bump version 0.101.4 -> 0.101.5
    • 2dd2a06 verify_cert: use enum for build chain error
    • c255d61 verify_cert: correct handling of fatal errors
    • Additional commits viewable in compare view

    Updates traitobject from 0.1.0 to 0.1.1

    Commits

    Updates webpki from 0.22.0 to 0.22.4

    Commits

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
    • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
    • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
    • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
    • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
    • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
      You can disable automated security fix PRs for this repo from the Security Alerts page.

    @dependabot
    Bump the cargo group across 1 directory with 7 updates
    d4b52c2 
    Bumps the cargo group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [h2](https://github.com/hyperium/h2) | `0.3.20` | `0.3.26` |
| [openssl](https://github.com/sfackler/rust-openssl) | `0.10.56` | `0.10.71` |
| [rustix](https://github.com/bytecodealliance/rustix) | `0.38.8` | `0.38.13` |
| [rustls](https://github.com/rustls/rustls) | `0.21.6` | `0.21.12` |
| [traitobject](https://github.com/reem/rust-traitobject) | `0.1.0` | `0.1.1` |
| [webpki](https://github.com/briansmith/webpki) | `0.22.0` | `0.22.4` |



Updates `h2` from 0.3.20 to 0.3.26
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/v0.3.26/CHANGELOG.md)
- [Commits](hyperium/h2@v0.3.20...v0.3.26)

Updates `openssl` from 0.10.56 to 0.10.71
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](sfackler/rust-openssl@openssl-v0.10.56...openssl-v0.10.71)

Updates `rustix` from 0.38.8 to 0.38.13
- [Release notes](https://github.com/bytecodealliance/rustix/releases)
- [Changelog](https://github.com/bytecodealliance/rustix/blob/main/CHANGES.md)
- [Commits](bytecodealliance/rustix@v0.38.8...v0.38.13)

Updates `rustls` from 0.21.6 to 0.21.12
- [Release notes](https://github.com/rustls/rustls/releases)
- [Changelog](https://github.com/rustls/rustls/blob/main/CHANGELOG.md)
- [Commits](rustls/rustls@v/0.21.6...v/0.21.12)

Updates `rustls-webpki` from 0.101.3 to 0.101.7
- [Release notes](https://github.com/rustls/webpki/releases)
- [Commits](rustls/webpki@v/0.101.3...v/0.101.7)

Updates `traitobject` from 0.1.0 to 0.1.1
- [Commits](https://github.com/reem/rust-traitobject/commits)

Updates `webpki` from 0.22.0 to 0.22.4
- [Commits](https://github.com/briansmith/webpki/commits)

---
updated-dependencies:
- dependency-name: h2
  dependency-type: indirect
  dependency-group: cargo
- dependency-name: openssl
  dependency-type: indirect
  dependency-group: cargo
- dependency-name: rustix
  dependency-type: indirect
  dependency-group: cargo
- dependency-name: rustls
  dependency-type: indirect
  dependency-group: cargo
- dependency-name: rustls-webpki
  dependency-type: indirect
  dependency-group: cargo
- dependency-name: traitobject
  dependency-type: indirect
  dependency-group: cargo
- dependency-name: webpki
  dependency-type: indirect
  dependency-group: cargo
...

Signed-off-by: dependabot[bot] <support@github.com>
    @dependabot dependabot bot added dependencies Pull requests that update a dependency file rust Pull requests that update rust code labels Mar 27, 2025
    Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
    Reviewers
    No reviews
    Assignees
    No one assigned
    Labels
    dependencies Pull requests that update a dependency file rust Pull requests that update rust code
    Projects
    None yet
    Milestone
    No milestone
    Development

    Successfully merging this pull request may close these issues.
    0 participants
    0